At 19:03 2/27/2008, Karsten Ohme wrote:
>I'm afraid, GPShell will not work. Because it might be impossible.
>
>Actually I see no reason why a card could not be reset to the default key set
>and empty state. If all data is zeroed out, nothing should happen. But maybe
>there are some security problems I do not see. Or the manufacturer wants to earn
>more money.

The reason this is done is because the security manager doesn't know the value of what's on the card. Let's say the issuer had placed a couple of apps on the card with Shareable interfaces. An attacker comes along and starts trying keys to add a new app to access those interfaces.... Another possibility is a card that has some number of applets in ROM that get personalized by the addition of data through the GP secure interface before they can be used... it's possible that an unpersonalized card that can be personalized by an attacker has a *lot* of value. Locking the card after some number of failed attempts is the right approach.
